Decentralized crypto exchange PancakeSwap has been attacked by hackers, per a tweet.
Earlier today, a similar service called Cream Finance said its DNS (domain name service) had been "compromised by a third party." PancakeSwap’s Twitter account then confirmed that it had been attacked through the same mechanism.
A “DNS hijack” is when an attacker reroutes traffic toward a malicious server; in this case, the “hijacked site” was after credentials for for users’ accounts.
Unlike a traditional exchange, where assets are traded through a central authority (like Coinbase, or the NYSE), a decentralized exchange uses smart contracts (essentially just code) that allow money to flow directly between traders. Decentralized exchanges tend to fall under the rubric of DeFi protocols, which are broadly defined as non-custodial systems for handling crypto.
Crucially, PancakeSwap’s smart contracts have not been hacked. Only the front-end of the website has been affected by this attack.
Investing in DeFi protocols can be extremely risky, since they are prone to hacks—half of all crypto-related hacks in 2020 targeted DeFi, according to the blockchain data company Chainalysis.
There's no sign of that slowing down in 2021: last week, a decentralized exchange called Dodo was hacked for nearly $4 million.